mirror of
https://github.com/maybe-finance/maybe.git
synced 2025-07-19 13:19:39 +02:00
9336719242
- Replace API keys with OAuth2 tokens for mobile apps - Add device tracking and management for mobile sessions - Implement 30-day token expiration with refresh tokens - Add MFA/2FA support for mobile login - Create dedicated auth endpoints (signup/login/refresh) - Skip CSRF protection for API endpoints - Return plaintext tokens (not hashed) in responses - Track devices with unique IDs and metadata - Enable seamless native mobile experience without OAuth redirects This provides enterprise-grade security for the iOS/Android apps while maintaining a completely native authentication flow. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
6 lines
212 B
Ruby
6 lines
212 B
Ruby
class AddOauthApplicationToMobileDevices < ActiveRecord::Migration[7.2]
|
|
def change
|
|
add_column :mobile_devices, :oauth_application_id, :integer
|
|
add_index :mobile_devices, :oauth_application_id
|
|
end
|
|
end
|